I am trying to use Spring Security to implement security for my application.
I use intercept-url to intercept pages, for example:
    <http auto-config='true'>
        <intercept-url pattern="/logList*" access="ROLE_ADMIN" />
        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true" />
        <logout />
        <remember-me/>
    </http>
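First I tried to access the log page as an anonymous user with the URL localhost/projectname/logList, and the page was automatically redirected to the login page.
But when I tried to access the log page with the URL localhost/projectname/logList/, the anonymous user could access the log page.
Why does this happen when the pattern /logList* is correct?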
Answer 0: (score: 2)
By default, AntPathRequestMatcher is used. If you add another pattern
    <intercept-url pattern="/logList/*" access="ROLE_ADMIN" />
then it will work.
Here are the tests (note that with RegexRequestMatcher the same pattern works for both /logList/ and /logList):
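    import static org.hamcrest.CoreMatchers.is;

    import org.junit.Assert;
    import org.junit.Test;
    import org.springframework.mock.web.MockHttpServletRequest;
    // Spring Security 3.2+ package; in 3.1 these matchers live in org.springframework.security.web.util
    import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
    import org.springframework.security.web.util.matcher.RegexRequestMatcher;

    public class RequestMatcherTests {

        // Ant pattern "/loglist*" against "/logList" (no trailing slash).
        // The lower-case pattern relies on the matcher comparing case-insensitively.
        @Test
        public void antTest1() throws Exception {
            AntPathRequestMatcher pathMatcher = new AntPathRequestMatcher("/loglist*");
            MockHttpServletRequest mockRequest = new MockHttpServletRequest();
            mockRequest.setScheme("http");
            mockRequest.setPathInfo("/logList");
            Assert.assertThat(pathMatcher.matches(mockRequest), is(true));
        }

        // Ant pattern "/loglist/*" against "/logList/" (trailing slash).
        @Test
        public void antTest2() throws Exception {
            AntPathRequestMatcher pathMatcher = new AntPathRequestMatcher("/loglist/*");
            MockHttpServletRequest mockRequest = new MockHttpServletRequest();
            mockRequest.setScheme("http");
            mockRequest.setPathInfo("/logList/");
            Assert.assertThat(pathMatcher.matches(mockRequest), is(true));
        }

        // Regex "/logList.*" against "/logList/" (trailing slash).
        @Test
        public void regexTest3() throws Exception {
            RegexRequestMatcher pathMatcher = new RegexRequestMatcher("/logList.*", "GET");
            MockHttpServletRequest mockRequest = new MockHttpServletRequest();
            mockRequest.setScheme("http");
            mockRequest.setMethod("GET");
            mockRequest.setPathInfo("/logList/");
            Assert.assertThat(pathMatcher.matches(mockRequest), is(true));
        }

        // The same regex against "/logList" (no trailing slash).
        @Test
        public void regexTest4() throws Exception {
            RegexRequestMatcher pathMatcher = new RegexRequestMatcher("/logList.*", "GET");
            MockHttpServletRequest mockRequest = new MockHttpServletRequest();
            mockRequest.setScheme("http");
            mockRequest.setMethod("GET");
            mockRequest.setPathInfo("/logList");
            Assert.assertThat(pathMatcher.matches(mockRequest), is(true));
        }
    }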
To use RegexRequestMatcher, add the attribute "request-matcher" to http and set its value to "regex":
    <http auto-config="true" request-matcher="regex">
Answer 1: (score: 0)
    pattern="/logList/**"
Would that make a difference?